IPTables is your best but, but it can be a bear to configure with out the docs, I sugest the gSheild iptables configuration utillity, robust and easy to use/understand